package com.card.framework.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.util.AntPathMatcher;

import com.card.framework.mybatis.mapper.MyFrameworkSupperMapper;
import com.card.manager.dao.ResourcesMapper;
import com.card.manager.dao.RolesMapper;
import com.card.manager.domain.Resources;
import com.card.manager.domain.Roles;
import com.card.manager.domain.RolesExample;
import com.mysql.jdbc.StringUtils;


/**
 * @description  资源源数据定义，将所有的资源和权限对应关系建立起来，即定义某一资源可以被哪些角色访问
 * @author aokunsang
 * @date 2012-8-15
 */
public class MySecurityMetadataSource extends MyFrameworkSupperMapper implements FilterInvocationSecurityMetadataSource {

	/* 保存资源和权限的对应关系  key-资源url  value-权限 */
	public static Map<String,Collection<ConfigAttribute>> resourceMap = null; 
	private AntPathMatcher urlMatcher = new AntPathMatcher();
	
	@Override
	public Collection<ConfigAttribute> getAllConfigAttributes() {
		return null;
	}

	public void loadResourcesDefine(){
		resourceMap = new HashMap<String,Collection<ConfigAttribute>>();
		
		System.out.println("MySecurityMetadataSource.loadResourcesDefine()--------------开始加载资源列表数据--------");
		RolesMapper rolesMapper = this.getMapper(RolesMapper.class);
		ResourcesMapper resourcesMapper = this.getMapper(ResourcesMapper.class);
		List<Roles> roles = rolesMapper.selectByExample(new RolesExample());
		for(Roles role : roles){
			List<Resources> resources = resourcesMapper.selectResourcesForRole(role.getRoleid());
			for(Resources resource : resources){
				Collection<ConfigAttribute> configAttributes = null;
				ConfigAttribute configAttribute = new SecurityConfig(role.getName());
				if(resourceMap.containsKey(resource.getUrl())){
					configAttributes = resourceMap.get(resource.getUrl());
					configAttributes.add(configAttribute);
				}else{
					configAttributes = new ArrayList<ConfigAttribute>() ;
					configAttributes.add(configAttribute);
					resourceMap.put(resource.getUrl(), configAttributes);
				}
			}
		}
	}
	/* 
	 * 根据请求的资源地址，获取它所拥有的权限
	 */
	@Override
	public Collection<ConfigAttribute> getAttributes(Object obj)
			throws IllegalArgumentException {
		//loadResourcesDefine();
		//获取请求的url地址
		String url = ((FilterInvocation)obj).getRequestUrl();
		System.out.println("MySecurityMetadataSource:getAttributes()---------------请求地址为："+url);
		
		////////////////////////
//		FilterInvocation tempFI = (FilterInvocation)obj;
//		HttpServletRequest httpRequest = tempFI.getHttpRequest();
//		String opValue = httpRequest.getParameter("op");
//		if(!StringUtils.isNullOrEmpty(opValue))
//		{
//			Iterator<String> it = resourceMap.keySet().iterator();
//			while(it.hasNext()){
//				String _url = it.next();
//				if(_url.indexOf(opValue)!=-1){
//					//if(urlMatcher.matchStart(_url,url))
//						return resourceMap.get(_url);
//				}
//				
//			}
//		}
		////////////////////////
		
		Iterator<String> it = resourceMap.keySet().iterator();
		while(it.hasNext()){
			String _url = it.next();
			if(_url.indexOf("?")!=-1){
				_url = _url.substring(0, _url.indexOf("?"));
			}
			if(urlMatcher.matchStart(_url,url))
				return resourceMap.get(_url);
		}
		Collection<ConfigAttribute> returnCollection = new ArrayList<ConfigAttribute>(); 
		returnCollection.add(new SecurityConfig("ROLE_NO_USER")); 
		return returnCollection;
	    //return null;
	}

	@Override
	public boolean supports(Class<?> arg0) {
		System.out.println("MySecurityMetadataSource.supports()---------------------");
		return true;
	}
	
}
